Cisco Trust Agent on Mac OS X User Notification Authentication Bypass

Description

Vulnerability Description

Trust Agent for Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the agent delivers a message to a login screen, or over the password prompt to exit the screensaver, through which an unauthenticated user can access System Preferences as the root user. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 2.1.104.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Trust Agent for Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the agent delivers a message to a login screen, or over the password prompt to exit the screensaver, through which an unauthenticated user can access System Preferences as the root user. This flaw may lead to a loss of integrity.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017

{"result": {"cve": [{"id": "CVE-2007-3184", "type": "cve", "title": "CVE-2007-3184", "description": "Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.", "published": "2007-06-12T17:30:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3184", "cvelist": ["CVE-2007-3184"], "lastseen": "2017-07-29T11:22:05"}], "cisco": [{"id": "CISCO-SA-20070611-CVE-2007-3184", "type": "cisco", "title": "Cisco Trust Agent Local Privilege Escalation Vulnerability", "description": "Cisco Trust Agent versions 2.1(103) and prior contain a vulnerability when running on Apple Mac OS X that could allow an unauthenticated, local user to bypass security restrictions and gain unauthorized access to the affected system.\n\nThis vulnerability exists due to improper display of user notifications. An unauthenticated, local attacker with physical access to an affected system can exploit this vulnerability by interacting with pop-up messages. By interacting with these items on a system's desktop, the attacker can gain access to the System Preferences of an affected system with root privileges. As a result, the attacker could make configuration changes to the affected system, including modifying user account passwords.\n\nCisco confirmed this vulnerability in a security response and released updated software.\n\nTo exploit this vulnerability, an unauthenticated attacker requires physical access to an affected system. Although the attacker has no control over the notifications sent to the system, when a notification is sent, the attacker can click on it and cause a menu bar to appear. The menu bar can allow the attacker to access the System Preferences control panel with root privileges. This can allow the attacker to make configuration changes to the affected system, such as modifying user account passwords. By changing some settings, the attacker could take complete control over the affected system.\n\nCisco has indicated that this vulnerability only affects CTA installed on Mac OS X systems. CTA installed on Windows or Linux operating systems are not affected.", "published": "2007-06-11T18:06:19", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070611-CVE-2007-3184", "cvelist": ["CVE-2007-3184"], "lastseen": "2017-09-26T15:34:16"}]}}